Re: Advice Needed On Recent Rootings

To: Jayson Vantuyl <kagato@souja.net>
Cc: David Ramsden <david@hexstream.eu.org>, Debian Security <debian-security@lists.debian.org>
Subject: Re: Advice Needed On Recent Rootings
From: Olaf Dietsche <olaf+list.debian-security@olafdietsche.de>
Date: Wed, 28 May 2003 14:06:21 +0200
Message-id: <87k7cb46o2.fsf@goat.bogus.local>
In-reply-to: <20030528051240.GD7093@yagami.infodump.net> (Jayson Vantuyl's message of "Wed, 28 May 2003 00:12:40 -0500")
References: <20030525180430.GB32546@yagami.infodump.net> <1053891223.20535.100.camel@defiant.sonsofthunder.yi.org> <20030525194429.GA17689@server-01.lan.hexstream.eu.org> <20030528051240.GD7093@yagami.infodump.net>

Jayson Vantuyl <kagato@souja.net> writes:

> Thankfully, we don't have root passwords.  In our space, we find root to
> more of a concept than a user, so we disable the password and set up a
> group that can su to root.  That way we have a good handle on things.
> Root never logs in, so we know somethings up if we see that.  Also, if
> it is hacked from a su-able user, we get a log of that too.  I highly
> recommend this set up (although it wasn't enough in our case :).

Just curious, how do you su to root, if root's password is disabled?
Do you have a modified su replacement?

Regards, Olaf.

Reply to:

Follow-Ups:
- Re: Advice Needed On Recent Rootings
  - From: Noah Meyerhans <noahm@debian.org>
- Re: Advice Needed On Recent Rootings
  - From: Jayson Vantuyl <kagato@souja.net>

References:
- Advice Needed On Recent Rootings
  - From: Jayson Vantuyl <kagato@souja.net>
- Re: Advice Needed On Recent Rootings
  - From: Bradley Alexander <storm@tux.org>
- Re: Advice Needed On Recent Rootings
  - From: David Ramsden <david@hexstream.eu.org>
- Re: Advice Needed On Recent Rootings
  - From: Jayson Vantuyl <kagato@souja.net>

Prev by Date: LVS+grsecurity
Next by Date: Re: VPN gateway
Previous by thread: Re: Advice Needed On Recent Rootings
Next by thread: Re: Advice Needed On Recent Rootings
Index(es):
- Date
- Thread